Computer applications have advanced such that now a user can perform many functions from a single computer user interface. For example, among other uses for computers and computer interfaces, applications have been developed that can allow a user to create files, manage data, email others, and chat in real-time with friends and colleagues. Networking enables computers to communicate. Through networks of computers, users can communicate. This provides a rich environment for enhancing the lives of computer users.
This environment also allows for a more efficient workforce. Companies can network computers to allow higher employee productivity and more rapid information access. Companies can also connect their internal networks to the internet and other networks to allow for broader communication opportunities. By interconnecting computers, computer users can rapidly share data. This rapid data sharing can allow employees to make decisions more rapidly, thereby becoming more productive for the company. Companies are typically highly motivated to network computers in an effort to optimize productivity.
Companies can also partition their internal networks to allow for more efficient routing of communications between certain groups of employees or users. For example, a company may decide that financial users communicate more with one another than with outside vendors or company salespeople. In a case such as this, a company can partition its internal network to allow local routing of information within a group. Routers can be employed in the networking infrastructure. For each message or packet transmitted to one of its interfaces, a router can determine whether an external route (outside of a sub-domain or network) is needed or whether internal routing can be done. For any information that needs to go outside of a group, a router can find a path by which to route the information among the many external paths it is associated with. Partitioning by the use of routers can simplify router design and routing algorithms, which can thereby reduce the cost of routers.
When interfacing to external networks, companies typically employ firewall technology. Firewalls can be used to limit external access to internal company computers and network components. By employing firewall technology, companies can attempt to prevent hacker access to their internal computers. Firewalls can also be used to limit spam email and a variety of other related functions.
However, with its focus on prevention of external attacks and accesses, existing technology actually allows the inadvertent (or intentional) transmission of sensitive data by employees or users to other computer users outside the firewall. Firewalls are designed to prevent attackers and spammers from getting in, not to prevent employees and users from sending sensitive information out. Likewise, routers are designed to route rather than to prevent transmission. While certain router sub-domains can be defined within a network to allow for more efficient routing when computers on the same sub-domain wish to communicate, routing outside a sub-domain can also be done.
Therefore, there exists a need to be able to identify sensitive data at an application layer, to associate this sensitive data with transmission control rules and policies, and to enforce these rules and policies to control transmission of the sensitive data by other layers of a system.
Accordingly, in light of difficulties associated with conventional data security systems that do not address these needs, there exists a need for improved methods, systems, and computer program products for providing identification of and transmission screening and control for sensitive application-layer data.